We show that the usual blinding countermeasures against SCA are insufficient (in fact, they introduce weaknesses) if no point validation is performed or if an attacker has access to certain intermediate points. In this case, the overall security of the system is reduced to the length of the blinding parameter. We emphasize that our methods work even with a very high identification error rate during the SCA phase.
Category / Keywords: public-key cryptography / Twist security, deterministic ECDSA, ECDH, random blinding, SCA
Date: received 9 Jun 2015
Contact author: manfred lochter at bsi bund de
Note: I'll be out of office for some days. If necessary you can reach me under manfred.lochter@gmx.de or contact andreas.wiemers@bsi.bund.de
Version: 20150617:171612
Short URL: ia.cr/2015/577